Run a Business Network on Linux

Part One: Running
Linux on your business network means you have a lot of choice. Our new
series on Linux for business networks helps you consider your options and
choose best-of-breed applications.

Linux oldtimers have known for years that it's not
necessary to go into hock for expensive, proprietary networking gear,
because Linux comes with a powerhouse networking stack. It also comes with
a host of first-rate network services such as intrusion detection,
firewalling, proxies; file, print, Web, and email services; excellent
groupware and messaging; genuine secure remote access and administration;
secure wireless; diagnostic, monitoring, and repair tools; backups and
restores; and most everything else needed to run the small-to-big
enterprise. In this new series we're going to learn how to run a business
network on Linux using best-of-breed applications. Best-of-breed, happily,
is a difficult and debatable proposition because there are so many good
choices, so we'll just have to roll up our sleeves and do our best.

In this series our workhorses will be Ubuntu Server Edition and Voyage
Linux. Ubuntu Server Edition is a good, sensible fluff-free bundle that
makes a great LAN server. In addition to the usual
mail/file/print/Web/etc. servers, it includes automated and unattended
network installations of new PCs, one-click Active Directory integration
for the poor souls who must have that, and a commercial support option.

Voyage is a very stripped-down Debian Linux; the stock installation is
68 megabytes. Unlike most embedded Linuxes, Voyage comes with the excellent
apt-get package manager. Most tiny Linuxes sacrifice the package
manager, so they are difficult to upgrade or add new software. With Voyage
you have the entire world of Debian available to you, so customizing your
own gear is easy. It's great for firewalls and routers, and specialized
servers that need a small footprint.

I see some fine *BSD fans raising their hands, and they are correct:
FreeBSD, OpenBSD, and NetBSD also have all these things. In some cases
they're even better than their Linux cousins, so as the series progresses
I'll include some pointers to these as well.

Avoiding Traps and Pitfalls

TCP/IP networking is
supposed to be platform-agnostic; in other words, you should be able to
plug any client into a network and have access to all network
resources. Of course in the real world it's a bit more difficult than
that, as so many vendors invest more resources into locking customers in
by devious and unsavory means, rather than giving them good reasons to
stay. While I love to crab at Microsoft's non-standard implementations of
networking standards, don't forget that Apple didn't even include a TCP/IP
stack in MacOS. If you wanted TCP/IP you had to purchase third-party
software like Thursby's Dave. Sure, MacOS had AppleTalk, which
made networking with other Macs as easy as plugging them in. As long as
all the Macs on the local AppleTalk network were running the same MacOS
version, that is, or hadn't been made obsolete by an OS upgrade that left
not-very-older hardware behind.

Linux is your insurance against lock-in and forced obsolescence, which
are just two of the many reasons I like it so much. If you need real
interoperability, and not the fake kind that exists only in press releases,
then you want FOSS (Free/Open Source Software).

No Cheap Network Hardware

My friends call me a bore on the subject of careful hardware shopping,
but then they go out and buy some dumb widget because it has a low price
tag, and then they waste all kinds of time trying to make the thing work,
and then bore everyone with complaints. The math is simple — what costs
less, hours of your time, or a few dollars more for something that works
right and doesn't drive you crazy? The Internet is chock-full of user
reviews, so you don't have to shop blindly. If a device does not have good
Linux support, don't buy it. The more users and devices under your care,
the more important it is to invest in quality gear. Downtime, service
interruptions, and nurse-maiding cheapo hardware get expensive quickly.

On the other hand, you don't have to pay too much. x86 hardware gives
you so much bang for your buck that you don't need specialized, expensive
gear for most networking jobs. Sure, your local friendly Cisco-certified
person will probably scoff at your Linux-powered router on inexpensive
hardware. Let her scoff, for you are saving a ton of money, getting great
performance, and using your standard familiar Linux commands. You know
there are no secret vendor backdoors (known to every cracker in the world
but not you), and that bugs and security flaws will not be swept under the
rug.

Getting Started

There are three tools that I think are essential for a network
administrator: a good bootable rescue CD, a good bootable rescue USB stick,
and a special network administrator's laptop. I prefer SystemRescueCD because I have
yet to find an important feature that it doesn't support. You get all the
usual important networking and system administration tools, plus it also
supports LVM and RAID. A laptop
equipped with a serial terminal, at least one wired and one wireless
network interface, and all the software utilities you might ever need is a
great timesaver, and keeps your blood pressure at healthy levels. It
doesn't have to be a super high-powered machine with all the bells and
whistles; anything that supports current Linux kernels and is easy to carry
around does the job just fine. Stick with Atheros-based wireless interfaces
because these support all wireless modes, including management and
monitoring. Most of the others only support client functions. The serial
terminal is your life-saver when Ethernet goes south, which it will, and
it's necessary for embedded boards and headless servers. See "The
Serial Console: A Front Door Worth Leaving Open" to learn how to set it
up. Most laptops these days don't have a serial port, but no problem—a
USB-to-serial connector is inexpensive and works beautifully. Just plug it
in and then run dmesg to see its name, which is usually
ttyUSB0.

Come back in two weeks for our next installment, in which we will make
sure our Internet gateway is stout and well-secured, and then set up
lightweight, reliable intrusion detection that is actually easy to
administer, and won't make you crazy with false alarms and endless log
analysis and all those other bad things that ID systems are famous for. You
can get a head start with the two-part "Secure
and Manage Voyage Linux" series. There is a glitch in Voyage Linux that
persists to the new 5.0 release—you'll have to change ownership and
permissions on /var/run/sshd to enable remote SSH logins:
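
An added check, not the article's own command: OpenSSH's sshd will not start unless its privilege separation directory is owned by root and is not group- or world-writable, and this script tests a directory such as /var/run/sshd against that rule. The function name check_privsep_dir and its optional EXPECTED_UID argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit sshd's privilege separation
# directory. sshd refuses to start unless the directory is owned by root
# and is not group- or world-writable.
#
# Usage: check_privsep_dir DIR [EXPECTED_UID]
# EXPECTED_UID is an assumption of this example; it defaults to 0 (root)
# and exists only so the check can be exercised on a scratch directory.

check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory"
        return 1
    fi

    # -L follows symlinks, as sshd's own stat() call does.
    owner=$(stat -L -c '%u' "$dir") || return 1
    mode=$(stat -L -c '%a' "$dir") || return 1

    if [ "$owner" -ne "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $owner, expected uid $want_uid"
        rc=1
    fi

    # 022 (octal) = group-write | other-write. The leading 0 makes the
    # shell read the mode string as an octal number.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode (group- or world-writable)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir uid=$owner mode=$mode"
    return "$rc"
}

# Run against a directory given on the command line, e.g. /var/run/sshd.
if [ "$#" -gt 0 ]; then
    check_privsep_dir "$1"
fi
```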